An updated guide to Facebook privacy: December 2009 edition

Facebook has updated its privacy offerings and things are ever-so-slightly …

By now, most Facebook users are aware by some means or another that the company has made changes to its privacy settings. Though these updates have largely been controversial, there are a handful of changes that are actually good and some that are at least neutral. They are also just different enough (but in a subtle way) to make our previous Facebook privacy guide a little outdated, so we thought we would go over some of the settings again to help our readers lock down their profiles as they please.

The good news: you can still divide up your friends into lists—as many or as few lists as you like! As we discussed in our previous privacy guide, the reason you want to do this is so you can divvy up permissions (which we will show you later), and you can do this by going to your Friends > All Friends > Create a new list.

Tweaking access: the new way

The idea is the same as before, but implementation is different. By going into Settings > Privacy Settings, you can control which types of people can see different kinds of information about you. Here's an example from the Profile Information page:

Here, you can set who can access information such as your interests, birthday, political views, family and relationships, education and work, photos of you, and more. The choices are usually Everyone, Friends and Networks, Friends of Friends, Only Friends, or Customize. The Customize screen allows you to specifically pick and choose your networks or friends who can see particular data; from here, you can specify any custom lists you have made. If you want, you can also specify specific friends, and block specific friends from that particular kind of update (can we say "no more Mom rooting around in your party photos"?).

Yes, much of this functionality is the same as before. The difference is the way it's presented from the main screen for each section—we feel that it lays out the options in a clearer manner than before and allows users to granularly tweak these settings without getting too lost in menu items.

Permissions on wall posts, one post at a time

The most significant change that Facebook made this month was the much-requested ability to determine permissions on a per-post basis. Previously, you had to set universal preferences for wall posts—either all your friends could see them, or none of them, or everyone, et cetera. Now, you can determine at each posting juncture whether you want everyone on earth to see it or just specific groups.

Just underneath the wall posting box is now a little lock icon that, when clicked, exposes your options. Again, you can elect to have a wall posting shown to everyone, friends and networks, friends of friends, just friends, or customized to individual friends and lists.

You can differentiate the posts you have "protected" (versus ones that are displayed to whatever your default settings are) by the little lock icon next to the post:

The post I made in the above screenshot was limited to a custom list that I made for the Ars staff, meaning that anyone else who goes to my Facebook page can't see it unless they're a member of that list.

What's missing?

There are a few things that are no longer part of Facebook's privacy settings that were there before. For one, regional networks are no more, and this is largely a good thing, as people could unknowingly share too much information with strangers within their city or state without realizing it. (The idea with your personal networks is that you know the people in them, and therefore you are less likely to accidentally share stuff with strangers.)

There's also no way to block your personal information from Facebook apps. The only way to avoid sharing your information with third-party app developers is to uninstall all applications.You can, however, control what your friends can share about you with third party developers by going to your Settings > Privacy Settings > What your friends can share about you > Edit Settings:

Another major element that's gone is the ability to manage multiple levels of permissions with regards to your friends list. This is because Facebook now considers your name, profile picture, city, gender, and friends "publicly available information," so anyone who finds you on Facebook can see who you associate with, even if you otherwise hide your info from nonfriends.

There is one catch to this—Facebook relented on the initial complaints about the friends list and has now enabled users to universally show or hide them. You can do this by going to your own profile and scrolling down to your friend list, then clicking on the little pencil icon. A menu will pop out with a number of options; one of them will be to show your friend list to everyone:

As the box says, your friends are always visible to your other friends, but if you are cavorting with enemies of the state or inside sources, random strangers won't be able to see your Facebook connections unless they friend you first.

Update: A reader has brought to our attention that it's still possible to access someone's hidden friends list through Facebook. All you have to do is look up someone's Facebook ID number and plug it into this URL where it says "USERID": www.facebook.com/ajax/typeahead_friends.php?u=USERID&__a=1

Conclusion

As usual, there are some shortcomings to Facebook's transition to a simpler privacy system. Some of them are major—the transition tool recommends that users share everything with everyone as part of its default settings—while others are less so. Despite this, the company at least seems to be trying to give users what they want, and a few good things have come out of it.

Of course, the company is happy to pat itself on the back for these changes. "Facebook's plan to provide users control over their privacy and how they share content is unprecedented in the Internet age. We have gone to great lengths to inform users about our platform changes," a Facebook spokesperson told Ars. "We’re pleased that so many users have already gone through the process of reviewing and updating their privacy settings and are impressed that so many have chosen to customize their settings, demonstrating the effectiveness of Facebook’s user empowerment and transparency efforts."

One thing we have learned from Facebook is that changes like these—especially as they pertain to user privacy—are always evolving. The company tends to keep an eye on how people are using the service and eventually makes tweaks to its offerings to better coincide with that. As a result, these latest changes may themselves be changed. Since they're here for time being, we may as well all learn how to use them.

16 Reader Comments

Two elements of privacy have changed, one of which I am certain, and about the other of which I may be mistaken.

First, I am absolutely certain of this: previously on my wall, I did not need to see or display or have displayed, all posts regarding "friend-of-mine has become a friend of so-and-so" or "friend-of-mine was tagged in a photo" or "friend-of-mine liked a photo by so-and-so" or "friend-of-mine commented on a post by so-and-so" ...No place to control this, yet still allow "friend-of-mine" to post to my wall. (My wall is very littered with news of what has happened to "friends-of-mine". This was most assuredly NOT the case before the privacy changes took place!)

Second, and I may be mistaken, but I was under the impression that I could ABSOLUTELY AND POSITIVELY protect the privacy/identity of my friends by TOTALLY denying display of the identities (avatars) my friends to anyone who is NOT ALREADY a friend! I find now that there is no way to prevent display of some minimal number of friends (the minimum so far as I can tell appears to be 6 unless one has fewer friends).

FB has not responded well to the "righteous indignation" of users and public interest groups such as EFF on these changes. Too bad.

It seems obvious to me that parents can much more easily get some idea of who their children are in contact with if they open their own accounts and "befriend" their kids. I want parents to "snoop" on their kids accounts and their Facebook Friends. I don't know how to enable parents to do this without diminishing everyone's privacy. So while I kind of sympathize with fjpoblam, another part of me wonders if people looking for such privacy shouldn't be using Facebook. You have to be prepared to sacrifice some privacy if you want to participate on a social networking site.

There needs to be a way to restrict how friends view your friends list. I only want friends to be able to see mutual friends. I communicate with several groups of people that I don't want interconnected. Highschool, arsians, coworkers, coworkers from a old employer, and family don't need to grouped together and be able to poke around unless I choose to share that information. I used the feedback area to voice my concern, if you feel the same you should too.

My problem with FB is the fact that you need a guide like this to understand their privacy options (over and above that, you need a constantly changing guide to keep up with their changes).

The fact is that facebook knows as well as most of us here, that 99+% of people would prefer the way things used to be. Most info is private, and available to only your friends, except the basic stuff, like name/gender, etc. You can choose to change the defaults for teh rest, and make them fully public, or public to certain networks (initially, the only networks were your college).

However, that is not a business model that grows in perpetuity, and justifies their many billion dollar valuation. Hence the need to make your information widely public, and their constant prods to push their users in this direction, whether inadvertently or not.

"Another major element that's gone is the ability to manage multiple levels of permissions with regards to your friends list. This is because Facebook now considers your name, profile picture, city, gender, and friends "publicly available information," so anyone who finds you on Facebook can see who you associate with, even if you otherwise hide your info from nonfriends."

The way they handled the change was idotic. I'm betting a lot of people just clicked ok to make the messages go way (MUST PLAY FARMVILLE!!!), and now have all their information public.

Having said that, I love the idea of being able to control what groups see my wall posts. I've been specifically avoiding saying certain things because a bunch of my "friends" are old church acquaintances. I keep worrying about offending them, but now I can say whatever I want and just exclude them. Hurray!

I have professional, political, and personal relationships connected to my Facebook account. There is absolutely no reason why those three groups need to be able to view, or otherwise interact with, each other with me as a hub.

Until the issue of being able to hide the contents of my friend list, from even my "friends", is restored; I'll be leaving my account de-activated.

There are way more privacy settings that you are missing! They are very easy to miss! There are now "per-application" settings for all built-in and 3rd party applications at http://www.facebook.com/editapps.php . Notes, Links, Photos, Videos, Groups all have their own privacy settings. I only realized this like last week, and while I have always been very careful with my FB privacy settings, some of these defaulted to public values!

What keeps me off Facebook is the fact that I don't trust what they do or will do with the data, and I don't trust that they won't pull the rug out from under any privacy policies put in place.

quote:

Originally posted by bolomkxxviii:"Another major element that's gone is the ability to manage multiple levels of permissions with regards to your friends list. This is because Facebook now considers your name, profile picture, city, gender, and friends "publicly available information," so anyone who finds you on Facebook can see who you associate with, even if you otherwise hide your info from nonfriends."

you can no longer hide your "Pages"... as in anything you become a "Fan" of is now 100% completely visible to the entire world. this isn't really acceptable.

my page is pretty much completely "Friends Only" except for that singular thing. i'm "Fans" of numerous things ... some as jokes and some that are serious. these are now completely in the open to any non-friend looking at my otherwise decently private profile.

it's nice i can hide say... my political affiliation... but if i am fans of certain groups and politicians it seems like it would be something easy to 'assume'. same with regilion / age / all sorts of things... could all be figured out with some reasonable level of accuracy based on things you are "Fans" of.

planning on just un-Fanning everything in my list because of this... even if i do enjoy getting updates from numerous of them.

seeing as "Fan" pages are frequently corporate pages... seems like these corporations would be better served by not having people un-Fanning them because of this issue.

i haven't found a single place to alter this. has anyone else? i think it is a pretty serious privacy change (and a real one) that i haven't seen much mention of. easy to test... just have a non-friend or non-friended account check your profile. plain as day.

Originally posted by x23:one thing that changed in the last round of privacy rejiggering...

you can no longer hide your "Pages"... as in anything you become a "Fan" of is now 100% completely visible to the entire world. this isn't really acceptable.

...

i haven't found a single place to alter this. has anyone else? i think it is a pretty serious privacy change (and a real one) that i haven't seen much mention of. easy to test... just have a non-friend or non-friended account check your profile. plain as day.

There is nowhere to alter it. You can search the Help Centre for something like "hide pages list" and see plenty of users saying the same thing.

As for testing, when you finish the privacy settings page, it shows you a preview of your public profile, and lets you put in any of your friends' names and lets you see how *they* see your profile.

I'm really annoyed by the recent FB privacy changes. As fjpoblam pointed out, there is no longer any way to control Recent Activity posts and I find this to be a glaring problem.

However, my biggest issue is the Settings -> Privacy Settings -> Profile -> My Posts option. This one option controls the privacy level for wall visibility as well as the default permissions for Links, Statuses, Notes and more.

I post a lot of links to tech news using a bookmarklet and would like all such links to be visible to all my friends so setting this option to "Only My Friends" seems ideal as I want my friends to see my wall and this is a reasonable default permission level for Links.

However, I prefer status updates to only be visible to a particular friend group by default. If I set this option to this group, then no one but that group will be able to see my wall at all, and everything I post will also default to that permission level. Obviously this is not what I want.

So, my only option is to set the permission of my status updates to that group every time I post an update. That wouldn't be so bad except that the iPhone app doesn't support this so my mobile updates end up being seen by people who shouldn't see them. To add insult to injury, there's no way to edit the permission for a Link or Status once it's been posted.

I also think FB should implement per-picture permissions. I frequently wish to post event pictures but limit visibility of certain pictures to a subset of my friends.

Oh, an addendum to the above: If you go to post your status, click the lock icon to change its permission, select Customize, then check "Make this my default setting" you will not only set the default for status updates, but also for most other types of posts AND your wall visibility! Use with caution!